This application relates to electronic computing and more particularly to a trusted platform module (TPM) device for multi-processor systems.
High performance computer systems may utilize multiple processors to increase processing power. Processing workloads may be divided and distributed among the processors, thereby reducing execution time and increasing performance. One architectural model for high-performance multi-processor systems is the cache coherent Non-Uniform Memory Access (ccNUMA) model. Under the ccNUMA model, system resources such as processors and random access memory may be segmented into groups referred to as Locality Domains, also referred to as “nodes” or “cells”. Each node may comprise one or more processors and physical memory. A processor in a node may access the memory in its own node, referred to as local memory, as well as memory in other nodes, referred to as remote memory.
Multi-processor computer systems may be partitioned into a number of elements, or cells. Each cell includes at least one processor, and more commonly several. Partitioned computer systems provide a high degree of flexibility in allocating the computing power of a computer system. For example, the various cells in a partitioned computer system, and even various processors within a cell, may run different operating systems, if desired. Security and reliability concerns may create a need to isolate the resources in one partition from accesses to or from another partition. Such isolation tends to physically subdivide the computer system into ‘hardened’ partitions.
Moreover, computing resources such as entire cells or even individual processors and memory within a cell may be reassigned between partitions in response to changing demands for computing resources. Such reassignment may be performed by a network administrator, or may be performed dynamically by a resource manager module that executes on the computer system.
Recent trusted personal computer architectures incorporate a trusted platform module (TPM) that offers various services useful for data protection. A TPM may be implemented as an application specific integrated circuit (ASIC) that utilizes hardware and software platform configuration information to provide encryption and data security services. Because TPM devices rely on hardware and software configuration information specific to a computing device, resource reallocation in a partitioned computer system raises technical issues for implementing TPMs in that environment.
Examples of such technical issues include purging of TPM state when the hosting hardware is retargeted to another purpose, migration of the appropriate TPM state when an OS and its workload are migrated to different hosting hardware, and recovery of TPM state when the hosting hardware fails and is replaced.
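The dependence of TPM-protected state on the measured configuration of its host, and the purge and migration operations listed above, can be modelled with a small simulation. This is an added example, not code from the application; the CellTPM class, the boot chain, the component names and the migrate_sealed routine are constructed for illustration and stand in for real TPM sealing, which additionally encrypts the protected object under a TPM-resident key.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class CellTPM:
    """Toy model of the TPM owned by one cell: a PCR plus objects sealed to a PCR value."""

    def __init__(self, cell_id: str) -> None:
        self.cell_id = cell_id
        self.pcr = b"\x00" * 32                                # PCR is zero at reset
        self._sealed: Dict[int, Tuple[bytes, bytes]] = {}      # handle -> (policy PCR, secret)

    def extend(self, measurement: bytes) -> bytes:
        """TPM-style extend: PCR = H(PCR || H(measurement)); order-dependent, not reversible."""
        self.pcr = sha256(self.pcr + sha256(measurement))
        return self.pcr

    def seal(self, secret: bytes) -> int:
        """Protect a secret so it is released only when the PCR again equals its current value."""
        handle = len(self._sealed) + 1
        self._sealed[handle] = (self.pcr, secret)
        return handle

    def unseal(self, handle: int) -> Optional[bytes]:
        """Release the secret only if this cell's current PCR matches the sealing policy."""
        entry = self._sealed.get(handle)
        if entry is None:
            return None
        policy_pcr, secret = entry
        return secret if policy_pcr == self.pcr else None

    def purge(self) -> None:
        """Clear all protected state, e.g. before the cell is retargeted to another partition."""
        self._sealed.clear()

def boot_cell(cell_id: str, components: List[bytes]) -> CellTPM:
    """Constructed boot chain: measure each component of the cell's configuration in order."""
    tpm = CellTPM(cell_id)
    for component in components:
        tpm.extend(component)
    return tpm

def migrate_sealed(src: CellTPM, handle: int, dst: CellTPM) -> Optional[int]:
    """Hypothetical migration step: unseal on the source while its policy still holds,
    then re-seal to the destination cell's measured state. Returns the new handle or None."""
    secret = src.unseal(handle)
    return None if secret is None else dst.seal(secret)

# Constructed example: two cells boot with different OS images, so their PCRs differ.
cell_a = boot_cell("cell-a", [b"firmware-1.0", b"os-image-x"])
cell_b = boot_cell("cell-b", [b"firmware-1.0", b"os-image-y"])
h = cell_a.seal(b"workload-key")              # usable on cell A only
moved = migrate_sealed(cell_a, h, cell_b)     # explicit migration makes it usable on cell B
```

Any later change to a cell's measured configuration, such as an extra extend after a re-partitioning, invalidates the sealing policy on that cell, which is why the state must be migrated or recovered deliberately rather than carried along implicitly.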